ACL's on Firewall IOS

I have a 2600 router with IOS Software (C2600-IK8O3S-M), Version 12.2(5d). On an extended named ACL with the following entries

permit tcp host 192.168.1.10 10.1.2.224 0.0.0.30 eq 1494

permit udp host 192.168.1.10 10.1.2.224 0.0.0.30 eq 1604

This was causing connections to 10.1.2.227 to be blocked, so when the ACL was expanded to

permit tcp host 192.168.1.10 10.1.2.224 0.0.0.31 eq 1494

permit udp host 192.168.1.10 10.1.2.224 0.0.0.31 eq 1604

The connections worked.

Does anyone know a reason for this?

Thanks..

1 REPLY

Re: ACL's on Firewall IOS

Hello Alan,

Your wildcard mask .30 looks like 00011110 in binary. This is not allowed because when you set one bit to 1 all following bits must be set to 1s as well. So the .31 wildcard mask looks like 00011111 in binary and that is allowed and - as you say - it works.

Best regards

Norbert
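
Added example, not part of either post: a Python check of the two wildcard masks from the thread, assuming the usual IOS ACL comparison in which a 0 bit in the wildcard must equal the entry's address and a 1 bit is ignored. The function names are this example's own. It lists which hosts each entry covers, which is a useful audit step before an ACL is applied.

```python
import ipaddress

def _to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))

def wildcard_match(base: str, wildcard: str, addr: str) -> bool:
    """Wildcard bit 0 = must equal the entry's address, bit 1 = don't care."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(addr) & care) == (_to_int(base) & care)

def is_contiguous(wildcard: str) -> bool:
    """True when the 1 bits form a single run at the low end (a plain block)."""
    w = _to_int(wildcard)
    return (w & (w + 1)) == 0

def matched_addresses(base: str, wildcard: str, max_free_bits: int = 16):
    """Enumerate every address the entry matches, in ascending order."""
    w = _to_int(wildcard)
    fixed = _to_int(base) & ~w & 0xFFFFFFFF
    free_bits = [i for i in range(32) if (w >> i) & 1]
    if len(free_bits) > max_free_bits:
        raise ValueError("too many don't-care bits to enumerate")
    result = []
    for n in range(1 << len(free_bits)):
        addr = fixed
        # Spread the bits of the counter n over the don't-care positions.
        for k, bit in enumerate(free_bits):
            if (n >> k) & 1:
                addr |= 1 << bit
        result.append(str(ipaddress.IPv4Address(addr)))
    return result

if __name__ == "__main__":
    base, target = "10.1.2.224", "10.1.2.227"   # values from the thread
    for wc in ("0.0.0.30", "0.0.0.31"):
        hosts = matched_addresses(base, wc)
        print(f"{base} {wc}: contiguous={is_contiguous(wc)} "
              f"covers {len(hosts)} addresses ({hosts[0]} .. {hosts[-1]}), "
              f"matches {target}: {wildcard_match(base, wc, target)}")
```

With 0.0.0.30 the lowest bit is still compared against 10.1.2.224, so only the even addresses from .224 to .254 are covered; with 0.0.0.31 the whole block .224 to .255 is covered.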
